package com.crazymaker.springcloud.demo.config;

import com.crazymaker.springcloud.demo.security.DemoAuthConfigurer;
import com.crazymaker.springcloud.demo.security.DemoAuthProvider;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

/**
 * 启动spring security
 */
@EnableWebSecurity
@Slf4j
public class DemoWebSecurityConfig extends WebSecurityConfigurerAdapter {

    public DemoWebSecurityConfig() {
        log.info("DemoWebSecurityConfig init...");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()       // 关闭跨域伪造检查
            .authorizeRequests()    // 授权配置
            .antMatchers("/**/v2/api-docs",
                    "/**/swagger-resources/configuration/ui",
                    "/**/swagger-resources",
                    "/**/swagger-resources/configuration/security",
                    "/images/**",
                    "/**/swagger-ui.html",
                    "/**/webjars/**",
                    "/**/favicon.ico",
                    "/**/css/**",
                    "/**/good/detail",
                    "/**/js/**")
                .permitAll()        // 上述路径方向
                .anyRequest().authenticated()   //  其他请求需要认证
                .and().formLogin().disable()        // 禁用表单登录
                .sessionManagement().disable()      // 禁用session
                .cors()
                .and()
                .apply(new DemoAuthConfigurer<>())
                .and()
                .sessionManagement().disable();   // 禁用session
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 加入自定义的Provider实例
        // auth.authenticationProvider(getDemoAuthProvider());
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    @Bean("demoAuthProvider")
    protected DemoAuthProvider getDemoAuthProvider() {
        return new DemoAuthProvider();
    }

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private UserDetailsService userDetailsService;

    @Bean("authenticationProvider")
    protected AuthenticationProvider daoAuthenticationProvider() throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder);
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }
}
